Nothing speaks reputation risk management success like having a boring crisis. No declarations of regulatory opprobrium from shocked regulators, although a few State Attorneys General are probing, looking for some political points. No demands for the heads of directors and officers from activist investors. No hand wringing in the blogosphere from any other aggrieved stakeholder group.

No one seems the least bit surprised. According to an analysis published by Consensiv, the reputation controls company, based on reputation value metrics we used by Steel City Re, JPMorgan Chase’s reputation premium, a measure of additional value arising from favorable stakeholder expectations, is up slightly to the 91st percentile within its peer group since the breach was first disclosed in July.

In early September, Home Depot, the home improvement chain confirmed that its payment systems had been hacked. The full extent of the breach appears to be around 60 million records. It is the largest retail breach on record eclipsing Target's 40 million records last year, and naturally, litigators and regulators have started their investigations.

Something however is amiss. You look at the way reputation value metrics responded to the Home Depot data breach and you'd have to say they reek of complacency. There's hardly a blip. It seems that a data breach no longer has the ability to shock stakeholders, who by the look of things, no longer expect credit card information to remain secure. Thus, in a rather short span, it appears that cyber security risk has been downgraded from a reliable trigger of reputational value losses to a mere source of embarrassment, consternation, and operational loss. Dog bites man, yawn.